Security Affairs

JULY 8, 2020

Early June, researchers at F5 Networks have addressed a critical remote code execution (RCE) vulnerability, tracked as CVE-2020-5902, that resides in undisclosed pages of Traffic Management User Interface (TMUI) of the BIG-IP product. The CVE-2020-5902 vulnerability received a CVSS score of 10, this means that is quite easy to exploit.

Advertising 131

Advertising InfoSec Government Healthcare 131

Security Affairs

NOVEMBER 2, 2020

Oracle issued an out-of-band security update to address a critical remote code execution issue (CVE-2020-14750) impacting multiple Oracle WebLogic Server versions. The advisory states that this vulnerability is related to the CVE-2020-14882 flaw that was addressed in the October 2020 Critical Patch Update. . 12.2.1.4.0,

Advertising 105

Advertising Authentication Passwords Hacking 105

Security Affairs

DECEMBER 11, 2020

The streaming service added that exposed data included Spotify account registration information such as user display name and password, email address, date of birth, and gender. The post Spotify reset user passwords after accidentally personal information exposure appeared first on Security Affairs.

Passwords 112

Passwords Accountability Hacking Data breaches 112

Security Affairs

APRIL 1, 2020

The popular Zoom app is under scrutiny, experts have discovered a vulnerability that could be exploited to steal users’ Windows passwords. Security experts and privacy advocates believe that the Zoom is an efficient online video communication platform, but evidently it has some serious privacy and security solutions.

Passwords 123

Passwords Advertising Hacking Software 123

Security Affairs

JULY 25, 2020

CISA is warning of the active exploitation of the unauthenticated remote code execution CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices. “This Alert also provides additional detection measures and mitigations for victim organizations to help recover from attacks resulting from CVE-2020-5902.

Advertising 117

Advertising Government Healthcare Education 117

Security Affairs

JANUARY 21, 2021

With a simple Google search, anyone could have found the password to one of the compromised, stolen email addresses: a gift to every opportunistic attacker.” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. ” reads the post published by Check Point. ” continues the post.

Phishing 134

Phishing Passwords Healthcare Manufacturing 134

Security Affairs

DECEMBER 4, 2020

Hundreds of millions of Android users are potentially exposed to the risk of hack due to the use of Android Play Core Library versions vulnerable to CVE-2020-8913. The CVE-2020-8913 flaw is a local, arbitrary code execution vulnerability that resides exists in the SplitCompat.install endpoint in Android’s Play Core Library.

Hacking 118

Hacking Risk Mobile Banking 118

Daniel Miessler

MAY 19, 2020

TOPIC: In this episode, Daniel takes a look at the 2020 Verizon Data Breach Investigations Report. The top malware type is Password Dumper, because it really is about getting those creds. He looks at the key findings and talks about what they might mean to us going forward. The newsletter serves as the show notes for the podcast.

Data breaches 130

Data breaches Phishing Malware Hacking 130

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen ) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws.

Passwords 102

Passwords Hacking Wireless Authentication 102

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The vulnerability, tracked as CVE-2020-29583 received a CVSS score of 7.8, of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. .

Firewall 140

Firewall VPN Firmware Passwords 140

Security Affairs

AUGUST 4, 2020

NetWalker ransomware operators continue to be very active, according to McAfee the cybercrime gang has earned more than $25 million since March 2020. McAfee researchers believe that the NetWalker ransomware operators continue to be very active, the gang is believed to have earned more than $25 million since March 2020. reads the alert.

Ransomware 75

Ransomware VPN Cybercrime Advertising 75

Security Affairs

OCTOBER 6, 2019

Microsoft says that the Iran-linked cyber-espionage group tracked as Phosphorus (aka APT35 , Charming Kitten , Newscaster , and Ajax Security Team) a 2020 presidential campaign. In some instances, they gathered phone numbers belonging to their targets and used them to assist in authenticating password resets.”

Accountability 79

Accountability Passwords Advertising Government 79

Security Affairs

MAY 27, 2020

The updated Grandoreiro Malware equipped with latenbot-C2 features in Q2 2020 now extended to Portuguese banks. Cybercriminals attempt to compromise computers to generate revenue by exfiltrating information from victims’ devices, typically banking-related information. Figure 1: Grandoreiro email template Q2 2020 (Portugal).

Malware 71

Malware Banking Advertising Data collection 71

Security Affairs

NOVEMBER 4, 2020

Yesterday almost $1 billion worth of cryptocurrency contained in a password-protected BitCoin wallet was moved to another wallet. Ahead of the 2020 Presidential election a mysterious transaction was noticed by cyber security experts and researchers. I have the wallet, @Google hook me up with a quantum computer please.

Cryptocurrency 141

Cryptocurrency Passwords Advertising Hacking 141

Security Affairs

NOVEMBER 22, 2021

.” said Demetrius Comes, GoDaddy’s Chief Information Security Officer. Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress.” The original WordPress Admin password that was set at the time of provisioning was exposed.

Data breaches 129

Data breaches Passwords Accountability Phishing 129

Security Affairs

JUNE 30, 2020

A threat actor is selling databases containing data belonging to 14 different companies he claimed were hacked in 2020. The databases are available for sale on multiple hacker forums, the all includes usernames and hashed passwords. Company # of records Alleged Breach Date DarkThrone 282,825 June 2020 Efun 2.2

Data breaches 143

Data breaches Hacking Passwords Risk 143

SecureWorld News

JANUARY 28, 2021

2020 was a wake-up call for more than healthcare pandemic preparedness. It also exposed some huge security and privacy vulnerabilities, which many cybercrooks have exploited thousands of times throughout 2020 for remote workers. Training must be more frequent and go beyond covering phishing and passwords.

IoT 54

IoT Phishing Mobile Passwords 54

Security Affairs

JUNE 13, 2023

According to HIBP, the records in the database contain names, addresses, phone numbers, email addresses, usernames, and passwords stored as unsalted SHA-256 hashes. The company attempted to downplay the security breach by telling Have I Been Pwned that threat actors only had access to encrypted passwords. ” reported HIBP.

Data breaches 95

Data breaches Passwords Cybercrime Encryption 95

Security Affairs

JULY 28, 2020

Million March 26th, 2020 Yes Dave.com 7 Million July 2020 * Yes Drizly.com 2.4 Million July 2020 * No GGumim.co.kr Million March 2020 * Yes Havenly.com 1.3 Million June 2020 * No Hurb.com 20 Million N/A Yes Indabamusic.com 475 Thousand N/A No Ivoy.mx com 3 Million July 2020 * No Scentbird.com 5.8

Passwords 140

Passwords Advertising Education Banking 140

Security Affairs

OCTOBER 4, 2020

HP released a security advisory that includes details for three critical and high severity vulnerabilities, tracked as CVE-2020-6925, CVE-2020-6926, and CVE-2020-6927, that impact the HP Device Manager. Base Score CVE-2020-6925 Weak Cipher All versions of HP Device Manager 7.0

Hacking 136

Hacking Accountability Passwords InfoSec 136

Security Affairs

FEBRUARY 2, 2024

.” In June 2021, researchers from Avast warned of the rapid growth of the DirtyMoe botnet ( PurpleFox , Perkiler , and NuggetPhantom ), which passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. Experts defined DirtyMoe as a complex malware that has been designed as a modular system.

Malware 109

Malware Internet Internet DDOS 109

Security Affairs

NOVEMBER 23, 2020

VMware last week addressed six vulnerabilities (CVE-2020-3984, CVE-2020-3985, CVE-2020-4000, CVE-2020-4001, CVE-2020-4002, CVE-2020-4003) in its SD-WAN Orchestrator product, including some issues that can be chained by an attacker to hijack traffic or shut down an enterprise network.

Passwords 95

Passwords Authentication Accountability Hacking 95

CyberSecurity Insiders

FEBRUARY 3, 2021

As a result, a number of concerning behavioral trends were seen, with 45% of employees saying they’d suffered a security incident at work and not reported it, and perhaps even more worryingly, 15% saying they had given their work log-in and password to others in the organization. .

CISO 52

CISO Information Security Digital transformation Cybercrime 52

Security Affairs

JANUARY 30, 2023

Sports fashion retail JD Sports discloses a data breach that explosed data of about 10M customers who placed orders between 2018 and 2020. UK sports fashion chain JD Sports disclosed a data breach that exposed customer data from orders placed between November 2018 and October 2020. The affected JD Sports group brands are JD, Size?,

Data breaches 97

Data breaches Retail Passwords Scams 97

Security Affairs

JUNE 18, 2021

In 2020, the company was ranked at number three on the Fortune List of the Top 100 Companies to Work For in 2020 based on an employee survey of satisfaction, currently, it has more than 50,000 employees. It is generally a good idea to use a unique password for each online account you may have.” Wegmans Food Markets, Inc.,

Data breaches 107

Data breaches Passwords Accountability Marketing 107

Security Affairs

DECEMBER 18, 2023

These pieces of malware are created with the intent of stealing valuable data, such as login credentials, financial information, personal details, and more. This data may include usernames, passwords, credit card numbers, social security numbers, and other sensitive information.

Banking 120

Banking Cybercrime Malware Accountability 120

Security Affairs

SEPTEMBER 21, 2023

The recently discovered Free Download Manager (FDM) supply chain attack, which distributed Linux malware, started back in 2020. The maintainers of Free Download Manager (FDM) confirmed that the recently discovered supply chain attack dates back to 2020. collect) that launches the /var/tmp/crond file every 10 minutes.”

Malware 109

Malware Backups Software Passwords 109

Security Affairs

SEPTEMBER 24, 2020

Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon. — Microsoft Security Intelligence (@MsftSecIntel) September 24, 2020. We strongly recommend customers to immediately apply security updates for CVE-2020-1472.

Security Intelligence 129

Security Intelligence Authentication Advertising Passwords 129

Security Affairs

SEPTEMBER 18, 2023

Microsoft AI researchers accidentally exposed 38TB of sensitive data via a public GitHub repository since July 2020. The Microsoft AI research team started publishing data in July 2020. Below is the timeline of this security incident: Jul. 20, 2020 – SAS token first committed to GitHub; expiry set to Oct. 5, 2021 Oct.

Accountability 129

Accountability Backups Risk Passwords 129

Security Affairs

OCTOBER 17, 2022

As soon the company became aware of the security breach it blocked access to all affected systems. . In September 2020, 80% of MyDeal were acquired by Woolworths, anyway Woolworths was not impacted by the security breach. Payment, drivers licence, or passport details were accessed because MyDeal does not store this information.

Retail 123

Retail Data breaches Passwords Accountability 123

Security Affairs

APRIL 16, 2024

Each plugin undergoes a process of secure retrieval from the threat actor’s server in an encrypted format, followed by decryption, before being executed within the system environment.” The panel shows a message in Chinese language saying that the username or password is incorrect when the users enter the wrong credentials.

Spyware 114

Spyware Mobile Malware Encryption 114

Security Affairs

MARCH 16, 2020

Last week, Open Exchange Rates disclosed a data breach that exposed the personal information and hashed passwords for customers of its API service. Last week, the currency data provider Open Exchange Rates has disclosed a data breach that exposed the personal information and salted and hashed passwords for customers of its API service.

Data breaches 111

Data breaches Passwords Advertising Accountability 111

Security Affairs

JUNE 22, 2021

DirtyMoe is a Windows botnet that is rapidly growing, it passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. “Recently, a new infection vector that cracks Windows machines through SMB password brute force is on the rise” reads the analysis published by AVAST.

DNS 138

DNS Cryptocurrency Internet Internet 138

Security Affairs

AUGUST 12, 2021

Microsoft warns of a long-running spear-phishing campaign that has targeted Office 365 customers in multiple attacks since July 2020. Microsoft revealed that a year-long spear-phishing campaign has targeted Office 365 customers in multiple attacks starting with July 2020.

Phishing 116

Phishing Passwords Encryption Cybercrime 116

Security Affairs

JANUARY 25, 2020

Cisco has addressed a high-severity flaw in the Cisco Webex video conferencing platform ( CVE-2020-3142) that could be exploited by a remote, unauthenticated attacker to enter a password-protected video conference meeting. reads the security advisory published by Cisco. reads the security advisory published by Cisco. “An

Mobile 134

Mobile Passwords Advertising Authentication 134

CyberSecurity Insiders

JANUARY 30, 2023

JD Sports, Britain’s online retailer of branded sportswear, has reportedly become a victim of a cyber attack that leaked information of over 10 million customers. Accessed information includes data related to phone numbers, email accounts, addresses, names, the location where the order was delivered, and the final 4 digits of bank cards.

Data breaches 109

Data breaches Retail Identity Theft Social Engineering 109

Security Affairs

MARCH 7, 2023

The security breach suffered by LastPass was caused by the failure to update Plex on the home computer of one of its engineers. The hackers installed a keylogger on the DevOp engineer’s computed and captured his master password. “We have recently been made aware of a security vulnerability related to Plex Media Server. .”

Software 98

Software Hacking Data breaches Media 98